Opened 8 months ago
Closed 7 months ago
#63313 closed defect (bug) (invalid)
Add missing escapes
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Customize | Keywords: | has-patch |
| Focuses: | coding-standards | Cc: |
Description
Add missing escapes in the wp-admin/includes/class-custom-background.php file
Attachments (1)
Change History (3)
#2
@
7 months ago
- Keywords close removed
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
I'll close this because $background_image_thumb is not missing the esc_url() function.
(Also, the separate administration screen for Background was replaced in WordPress 4.1.)
Note: See
TracTickets for help on using
tickets.
Hi and thanks for the patch!
The
$background_image_thumbvariable is already escaped, earlier:$background_image_thumb = get_background_image(); if ( $background_image_thumb ) { $background_image_thumb = esc_url( set_url_scheme( get_theme_mod( 'background_image_thumb', str_replace( '%', '%%', $background_image_thumb ) ) ) );